Exporting AD Group Members

When I look at the members of an AD group all I see is 'members' (showing their logon name) and 'Active Directory Folder' (showing domain\Users). Unfortunately the logon name does not show their first and last names, rather it shows their logon name we gave them when we had our NT domain. Now that we have migrated to W2K I can see their names in the users view but the group view dows not seem to have first and last names....

My question is this: How do you view this information without looking at each members login name, then going to their User Object properties to find their first and last names? And better yet, is there a way of exporting it into a txt file?

alsace
Take a look at DUMPSEC from SOMARSOFT.COM - an excellent reporting tool that outputs into text files, screen and Excel format.
You could try altering the displayname field to "LastName, FirstName"

alsace
Take a look at DUMPSEC from SOMARSOFT.COM - an excellent reporting tool that outputs into text files, screen and Excel format.

You could try altering the displayname field to "LastName, FirstName" by renaming each user. The Account itself will retain the same login name (see the Account tab in the properties), but will display as anything you like.

The fastest thing to do is to open your ADUC MMC, then from the "View" menu, choose "Add/Remove columns". Add "Display Name".
What you're currently seeing in the MMC in the "Name" column is the Distinguished Name of the AD object. You can right-click the user and change the name there; this will not change the logon name (so the users won't notice this), but you will then see the changed user's name in the Name column.
In addition to this, you still have (in the user's profile itself) first name, last name, display name, the User Principal Name, and the pre-Windows 2000 logon name (which is the one your users are logging on with). Except for the display name and the pre-W2k name, all those names will be empty after the NT4 migration.

oBdA - This technique helped if I wanted to see the first and last names in the USERS view, but the fields are not populated in the GROUP view (which is what I want). Furthermore, when I actually go into the group properties it only shows the username and active directory folder views...not the first and last name attributes..

JamesDS - This tool was pretty good (especially for freeware), but again when dumping group membership it specifies usernames by default, and I can't see how this can be changed (I found another tool on the same site - 'exporter' - which was also good but had the same results..)

I basically want to be able to customise the view by choosing the ATTRIBUTES in the schema that I want (in this case first name, last name) rather than the username. Unfortunately my predecessors decided to use a login name that had no bearing whatsoever on the user's actual names...so therein lies my problem.

I have found a workaround however - I used DumpSec (as suggested by jamesDS) to export the group members of the groups I was interested in (by username). I then did the same with all users in our domain using the 'Dump Users As Table Fast (names only)' option - this gave me usernames and full names, but no group m'ships. I saved each export as a CSV, combined them, and then did a VLOOKUP in excel to map the usernames (in the group membership export) to full names (in the domain users export). his worked a treat.

The only problem it is fiddly - I 'm sure there must be a tool to view the schema attributes of the members of a group, and export the ones that I want...?

Thanks again guys - appreciate your help.... if there are no closer replies within the next 24hrs I am going to award the points to JamesDS as it achived what I wanted (with some tweaking).

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

To view the members by name in the group membership as well, you'll have to change the users' Distinguished Name, as I suggested before; this is the one you see in the regular "Name" column. You can right-click those and change them; this will NOT change their logon name.

Understood oBdA - and I think I will need to get someone to painstakingly rename everyone in the domain, but for my requirements this is a completely redundant exercise, as it will require me changing each users name - which will need me to identify each user in the group that I want, which is exactly what I wanted to avoid if I could. I realise this is the long term solution, but I wanted to pull out the Display Name attribute for group membership a really quick way, as the default group membership view shows the name attribute - which in our case is the pre W2K logon.

This was obviously harder than I thought! I really appreciate your help guys... as such I have increased the Q value to 250 and will split the points - 150 to JamesDS, and 100 to oBdA for the long term solution.

Cheers,

Alsace

0

Featured Post

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…

For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…